| Attribute | Details |
|---|---|
| Threat Actors | China-linked APT groups, in particular Earth Baxia and Earth Baku (tracked elsewhere as APT41 / Brass Typhoon) |
| Campaign Overview | Ongoing cyber-espionage targeting high-profile organizations in Southeast Asia since October 2023 |
| Target Regions | Southeast Asia, Taiwan, APAC region |
| Methodology | Intelligence gathering, remote access tools, DLL sideloading, open-source tools, persistence tactics |
| Targeted Organizations | Government ministries, air traffic control, telecom companies, a media outlet |
| Malware and Open-Source Tools | PlugX (Korplug) backdoor; open-source proxy/tunnelling tools Rakshasa, Stowaway and ReverseSSH; SharpGPOAbuse for Group Policy abuse |
| Tools Used | Remote access tools, password collectors, keyloggers, DLL sideloading tools, Impacket |
| Techniques Abused (no CVE cited) | DLL sideloading, remote command execution via WMI using Impacket, abuse of authentication filters for credential capture |
| TTPs | Persistence, data exfiltration, stealth access maintenance, password collection |
| Attribution | Tooling and activity overlap with China-linked groups including Earth Baxia, Earth Baku, Fireant and Budworm |
| Recommendations | Use SOC Prime detection content and Symantec's protection bulletin for mitigation; automate detection of the TTPs above |
| Source | SOC Prime |
Read full article: https://socprime.com/blog/chinese-apt-cyberespionage-southeast-asia-detection/
The above summary has been generated by an AI language model
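The table lists three techniques that leave recognisable traces in Windows telemetry: Impacket-style remote execution over WMI, DLL sideloading, and credential capture through an authentication (password) filter registered with LSA. The following is an added detection example for this page, not code from SOC Prime, Symantec or the campaign report. The event records are constructed inline, and the field names (`parent`, `image`, `image_loaded`, `notification_package`, `signed`) are assumptions that loosely follow Windows Security events 4688 and 4614 and Sysmon Event ID 7; the baseline package list and the sideload DLL-name list are assumptions to tune per environment.

```python
"""Detection logic for three techniques from the summary above.

Added example, not the article's or any vendor's code.  Event field names
and the baseline lists are assumptions; the events are constructed samples.
"""
import re
from pathlib import PureWindowsPath

# Impacket wmiexec.py executes commands through the WMI provider host as
#   cmd.exe /Q /c <cmd> 1> \\127.0.0.1\ADMIN$\__<epoch-time> 2>&1
# so the output redirection into ADMIN$\__ is a strong indicator.
WMIEXEC_REDIRECT = re.compile(
    r"1>\s*\\\\127\.0\.0\.1\\ADMIN\$\\__\d+(\.\d+)?\s+2>&1", re.IGNORECASE)

# DLL names that signed executables commonly import and that are therefore
# frequent sideloading targets when a malicious copy is dropped beside the EXE
# (assumed list; extend from your own loader inventory).
SIDELOAD_NAMES = {"version.dll", "dbghelp.dll", "msimg32.dll", "cryptbase.dll",
                  "userenv.dll", "wininet.dll", "oci.dll", "libcurl.dll"}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# Assumed baseline of LSA notification packages on a domain controller; a
# new package name in event 4614 means a password filter DLL was loaded.
BASELINE_NOTIFICATION_PACKAGES = {"scecli", "rassfm"}

# Constructed sample events (not taken from the article or any incident).
SAMPLE_EVENTS = [
    {"event_id": 4688, "host": "fs01",
     "parent": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cmd.exe /Q /c whoami 1> \\127.0.0.1\ADMIN$\__1712345678.91 2>&1"},
    {"event_id": 7, "host": "ws17",
     "image": r"C:\Users\Public\Libraries\svc\updater.exe",
     "image_loaded": r"C:\Users\Public\Libraries\svc\version.dll", "signed": "false"},
    {"event_id": 7, "host": "ws17",
     "image": r"C:\Program Files\Vendor\app.exe",
     "image_loaded": r"C:\Windows\System32\version.dll", "signed": "true"},
    {"event_id": 4614, "host": "dc01", "notification_package": "sshlsa"},
    {"event_id": 4614, "host": "dc01", "notification_package": "scecli"},
    {"event_id": 4688, "host": "ws02",
     "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd.exe /c dir"},
]


def detect_wmiexec(ev):
    """4688 spawned by WmiPrvSE.exe whose command line redirects into ADMIN$\\__."""
    if ev.get("event_id") != 4688:
        return None
    parent = PureWindowsPath(ev.get("parent", "")).name.lower()
    if parent == "wmiprvse.exe" and WMIEXEC_REDIRECT.search(ev.get("cmdline", "")):
        return "impacket_wmiexec"
    return None


def detect_dll_sideload(ev):
    """Sysmon 7: a commonly-sideloaded DLL name loaded from the EXE's own
    non-system directory and not carrying a valid signature."""
    if ev.get("event_id") != 7:
        return None
    dll = PureWindowsPath(ev.get("image_loaded", ""))
    exe = PureWindowsPath(ev.get("image", ""))
    dll_dir = str(dll.parent).lower()
    if (dll.name.lower() in SIDELOAD_NAMES
            and dll_dir not in SYSTEM_DIRS
            and dll_dir == str(exe.parent).lower()
            and ev.get("signed", "").lower() != "true"):
        return "dll_sideloading"
    return None


def detect_notification_package(ev):
    """4614: a notification package outside the baseline was loaded by the SAM."""
    if ev.get("event_id") != 4614:
        return None
    package = ev.get("notification_package", "").strip().lower()
    if package and package not in BASELINE_NOTIFICATION_PACKAGES:
        return "lsa_password_filter:" + package
    return None


RULES = (detect_wmiexec, detect_dll_sideload, detect_notification_package)


def detect(events):
    """Return (host, technique) pairs for every event matching a rule."""
    findings = []
    for ev in events:
        for rule in RULES:
            hit = rule(ev)
            if hit:
                findings.append((ev.get("host", "?"), hit))
    return findings


if __name__ == "__main__":
    for host, technique in detect(SAMPLE_EVENTS):
        print(f"{host}: {technique}")
```

The sideloading rule deliberately requires the DLL to sit in the same directory as the executable that loaded it, which is the defining shape of the technique and keeps ordinary loads of `version.dll` from System32 out of the results; the 4614 rule is only as good as the baseline, so record the packages that load on a clean domain controller before enabling it.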